Termius is designed like a password manager to protect your data privacy. Only you can access your information in the encrypted vaults and hold the key to decrypt it.
Take an in-depth look into our security
Request our internal policies, SOC 2, or pentest reports.
Data security and privacy
Encryption in transit
All data sent to or from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS 1.2). You can view our SSLLabs report here for termius.com, api.termius.com, and account.termius.com.
Encryption at rest
All of our users' data (including passwords) is encrypted in the database using battle-tested encryption algorithms. In addition, our users' synchronized data is encrypted using end-to-end encryption.
We offer customers the option to delete their data at the end of their subscription. All data is then completely removed from the dashboard and server. Users can request the removal of usage data through the account page or by contacting support.
Read more about our privacy policy at https://termius.com/privacy-policy.
Payment information
All payment processing is securely outsourced to Stripe, a PCI Level 1 certified service provider. We do not collect any payment information and are therefore not subject to PCI obligations.
App and database security
Our systems have 99.99% uptime according to our status page.
We collect and store logs to provide an audit trail of our application activity.
We use technology to monitor exceptions and logs and to detect application anomalies.
We use a security monitoring solution to monitor our application security, detect attacks, and respond quickly to a data breach.
We use security headers to protect our users from attacks. You can check our grade on this security scanner for termius.com, api.termius.com, and account.termius.com.
We use security automation capabilities that automatically detect and respond to threats targeting our apps.
All of our services run in the cloud. We don't host or operate our routers, load balancers, DNS servers, or physical servers. Our service is based on Amazon Web Services. They provide strong security measures to protect our infrastructure and comply with most certifications. You can read more about their practices here.
Our network security architecture consists of multiple security zones. We monitor and protect our network to ensure that unauthorized access does not occur using:
A virtual private cloud (VPC), a bastion host, or VPN with network access control lists (ACLs) and no public IP addresses.
A firewall that monitors and controls inbound and outbound network traffic.
IP address filtering.
We use Distributed Denial of Service (DDoS) mitigation services powered by an industry-leading solution.
Internal policies and training
Dedicated Security Team
Our security team consists of security professionals dedicated to improving the security of our organization. Our employees are trained to respond to security incidents and are available 24/7.
Business continuity
We back up all of our critical assets and regularly attempt to restore the backup to ensure rapid recovery during a disaster. All of our backups are encrypted.
We adhere to security best practices and frameworks (OWASP Top 10, SANS Top 25). We use the following best practices to ensure the highest level of protection in our software:
Developers participate in regular security training to learn about common vulnerabilities and threats.
We review our code for security vulnerabilities.
We regularly update our dependencies and make sure none of them has known vulnerabilities.
We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase.
We rely on yearly third-party security experts to perform penetration tests of our applications.
